A slightly fuzzy article that has been put together here by Golem.1 Perhaps briefly summarized:
The electrical/electronic system (E/E system) of a vehicle, which had its SOP (start of production) for the first time in 2013, has not been further developed for 10 years and now falls behind the requirements for automotive cybersecurity with the entry into force of UN-R155 rules for so-called „All Types“.
Hmm – doesn’t sound so bad at first – how should one already know the regulatory requirements at the time of the development of the E/E system (usually 5-6 years before the SOP of the vehicles equipped with this E/E system) and take them into account in the design?
On the other hand, we are not talking about requirements that originate from rocket science: Protection of ECUs against unauthorized root access, integrity protection of software on ECUs, reasonable vulnerability management process … All these things were already state of the art at the time of the design of the E/E-system or could at least have been added during the life of the vehicle in the field.
In this respect, the vehicle was probably designed more as a cash cow that could be milked until the last day and then pushed into the cover pit. Other manufacturers can do better … 🙂
